Marcus Brinkmann <[EMAIL PROTECTED]> writes:

> The main problem to think about is how to get at the secret key (user
> input!), also after hibernation of laptops, etc.

The good thing about swap-encryption is that key management is almost trivial: You create a random key at startup, use it for all swapped out pages, and then you replace the key with new random keys at regular intervals. The OpenBSD implementation actually uses a dozen sections encrypted with different keys, to make retiring keys easier (live data associated with a retired key has to be reencrypted with the replacement key). Keys are generated randomly, kept in the kernel memory (or in the HURD case, in the pager process' memory), and never input, output or stored anywhere.

It would be even better to create a new key for every process (and replace it occasionally if the process lives for a long time), and delete the key immediately at process exit. But that is probably more complex than it sounds, when you take shared memory into account.

I haven't thought about hibernation; in the model above, capture of a hibernated laptop gives an attacker as much information as if it was captured live just before hibernation. I.e. the attacker gets the memory space of all live processes, whether swapped out or not. He still doesn't get any information that was swapped out some time ago.

Perhaps it's good enough to make sure to kill all sensitive processes and change the swap key(s) before hibernation? The alternative would be to encrypt the swap keys protected by some passphrase-thingy and delete them from memory before hibernation.

I don't really know how laptop hibernation works, but if it saves a copy of all physical memory to disk, one would want to encrypt that as well; encrypting the swap isn't enough.

/Niels
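Added example, not part of the message above and not OpenBSD or Hurd code: a small Python model of the sectioned key scheme the message describes, showing that retiring a section key re-encrypts live pages while stale ciphertext of freed pages becomes unreadable. The class and method names, the slot-to-section mapping and the SHAKE-256 keystream (a stand-in for a real cipher) are assumptions made for illustration.

```python
import hashlib
import secrets

NUM_SECTIONS = 12  # "a dozen sections", as in the message


def _xor_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): SHAKE-256 keystream XORed with the page.
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


class EncryptedSwap:
    def __init__(self):
        # Keys exist only in this object's memory: never input, output or stored.
        self.keys = [secrets.token_bytes(32) for _ in range(NUM_SECTIONS)]
        self.disk = {}     # slot -> (nonce, ciphertext): what a disk thief sees
        self.live = set()  # slots that still back a live page

    def _section(self, slot: int) -> int:
        # Assumed mapping from swap slot to key section.
        return slot % NUM_SECTIONS

    def page_out(self, slot: int, page: bytes) -> None:
        nonce = secrets.token_bytes(16)  # fresh per write: no keystream reuse
        key = self.keys[self._section(slot)]
        self.disk[slot] = (nonce, _xor_keystream(key, nonce, page))
        self.live.add(slot)

    def page_in(self, slot: int) -> bytes:
        nonce, ciphertext = self.disk[slot]
        return _xor_keystream(self.keys[self._section(slot)], nonce, ciphertext)

    def free(self, slot: int) -> None:
        # Ciphertext stays on disk; only the bookkeeping entry is dropped.
        self.live.discard(slot)

    def retire_key(self, section: int) -> None:
        # Read back live pages, replace the key, re-encrypt under the new key.
        slots = [s for s in self.live if self._section(s) == section]
        pages = {s: self.page_in(s) for s in slots}
        self.keys[section] = secrets.token_bytes(32)  # old key is now gone
        for s, page in pages.items():
            self.page_out(s, page)
```

A real pager would also zero the retired key in memory; Python cannot guarantee that, so the model only drops the reference.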

